/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: RedirectCheckResultHandler.java,v 1.2 2008/06/25 05:51:48 qcheng Exp $
*
*/
/**
* Portions Copyrighted 2014 ForgeRock AS
*/
/**
* <p>
* This result handler provides the necessary functionality to process incoming
* requests that need correction for single-point infinite redirect loops.
* </p>
*/
implements IRedirectCheckResultHandler {
/**
* The constructor that takes a <code>Manager</code> instance in order
* to gain access to the infrastructure services such as configuration
* and log access.
*
* @param manager the <code>Manager</code> for the <code>filter</code>
* subsystem.
*/
super(manager);
}
throws AgentException {
setCryptUtil();
//NOTE: This handler is active even in NONE mode of operation
}
/**
* Checks to see if the given result is a potential single-point infinite
* looping point which needs to be controlled. If the result is identified
* as a redirect loop, the result will be overridden to ensure that such
* a loop can be stopped immediately.
*
* @param ctx the filter request context which provides access to the
* underlying <code>HttpServletRequest</code>,
* <code>HttpServletResponse</code> and other data that
* may be needed by this handler for facilitating its processing.
*
* @param result the <code>AmFilterResult</code> obtained by the
* <code>AmFilter</code> by processing the incoming request.
*
* @return <code>AmFilterResult</code> if the processing resulted in a
* particular action to be taken for the incoming request. <b>If no
* processing is applicable to the given result instance, the same instance
* is returned by this method.</b>
*
* @throws AgentException if the processing resulted in an unrecoverable
* or unexpected error condition
*/
throws AgentException {
// NOTE(review): the error path near the end of this method logs
// "denying access", so a failure while evaluating the redirect counter
// appears to be handled as a denial rather than by letting the request
// through. The statement that sets the result is not visible here - confirm.
try {
// The loop check is applied only when a positive attempt limit is
// configured; otherwise the branch at the bottom logs that the redirect
// counter cookie is being removed.
if (getRedirectAttemptLimit() > 0) {
// NOTE(review): lastValue is presumably the attempt count recovered from
// the redirect counter cookie; its assignment is not visible here - confirm.
if (lastValue >= getRedirectAttemptLimit()) {
if (isLogWarningEnabled()) {
logWarning("RedirectCheckResultHandler: "
+ "redirect attempt limit reached for "
+ newURL + ", access will be denied");
}
// Special case: when the looping target is the access denied URL itself,
// the log message states that a FORBIDDEN code is used to block the
// request. NOTE(review): presumably this avoids redirecting to the denied
// page yet again - confirm against the full condition.
if (accessDeniedURL != null
logError("RedirectCheckResultHandler: Detected "
+ " redirects on access denied URL "
+ accessDeniedURL + ", using FORBIDDEN "
+ "code to block");
} else {
}
} else {
// Limit not reached yet: only a warning about the repeated redirect is
// logged on this path.
if (isLogWarningEnabled()) {
"RedirectCheckResultHandler: "
+ "redirect number "
+ " resulted in same redirect");
}
}
} else {
// Either the previous cookie was null or it's a new URL,
// so the counter value needs to be reset
}
} else {
// Attempt limit is not positive: the loop check is off.
if (isLogMessageEnabled()) {
logMessage("RedirectCheckResultHandler: removing "
+ "redirect counter cookie");
}
}
}
}
// Error path: the exception is logged together with the "denying access"
// decision.
logError("RedirectCheckResultHandler: Unable to process filter "
+ "result, denying access",
ex);
}
return result;
}
/**
* Returns a boolean value indicating if this result handler is enabled
* or not.
* @return true if the result handler is enabled, false otherwise
*/
public boolean isActive() {
}
/**
* Returns a String that can be used to identify this result handler
* @return the name of this result handler
*/
}
throws AgentException {
}
throws AgentException {
try {
if (value < 0) {
throw new AgentException("Invalid last counter value: " +
}
throw new AgentException(
"Failed to set redirect counter value", ex);
}
}
throws AgentException {
try {
throw new AgentException("Unable to encrypt redirect counter value",
ex);
}
return result;
}
try {
} else {
throw new AgentException(
"Invalid Redirect Counter Value: "
+ innerValue);
}
|| timeSuffix == null
throw new AgentException("Malformed Redirect Counter: "
+ innerValue);
}
}
throw new AgentException("Error reading redirect counter value",
ex);
}
} else {
if(isLogMessageEnabled()) {
"RedirectCheckResultHandler: no redirect counter token "
+ "found in request");
}
}
return result;
}
private void initRedirectCounterCookieName() {
}
}
return _redirectCounterCookieName;
}
/**
 * Returns the redirect attempt limit held by this handler.
 *
 * The handler only evaluates the redirect counter when this value is
 * greater than zero.
 *
 * @return the current value of <code>_redirectAttemptLimit</code>
 */
private int getRedirectAttemptLimit() {
    final int attemptLimit = this._redirectAttemptLimit;
    return attemptLimit;
}
/**
 * Validates the redirect attempt limit.
 *
 * A value of zero or less is normalised to 0 and, when warnings are enabled,
 * reported with a "Redirect counter disabled" message. Because the handler
 * evaluates the redirect counter only for a limit greater than zero, such a
 * value switches the redirect loop check off; the warning is the only trace
 * of that in the logs.
 */
private void initRedirectAttemptLimit() {
// NOTE(review): limit is presumably read from the agent configuration before
// this check, and stored in _redirectAttemptLimit afterwards; neither
// statement is visible here - confirm the source and the default value.
if (limit <= 0) {
if (isLogWarningEnabled()) {
"RedirectCheckResultHandler: Redirect counter disabled: "
+ limit);
}
// Negative values collapse to 0 so the limit holds a single "disabled" value.
limit = 0;
}
}
}
return _crypt;
}
}
private int _redirectAttemptLimit;
}